An unsecured ElasticSearch cluster exposed 37,900 records of Kool King Shop customers. The data was leaked because the database storing it was misconfigured, allowing anyone with an Internet connection and the knowledge to get to the records stored within. The database was not secured in any way and publicly accessible, so anyone who reached it could edit, download, or even destroy the data without needing admin credentials. Burger King immediately disabled access to the database and is now working with the relevant authorities.
Source: https://www.bleepingcomputer.com/news/security/burger-kings-online-store-for-kids-exposes-customers-info/